After Google, Facebook and Amazon, it is Microsoft that will go to the checkout in France, pinned by the Cnil for not having allowed cookies to be simply refused on its Bing search engine.
The American giant will have to pay a slate of 60 million euros.
This is the largest fine imposed in 2022 by the authority, which indicated last year that it was launching a campaign of checks against sites that do not respect the rules on these web cookies.
Microsoft is first sanctioned because French Bing users could not, until March 29, refuse all cookies without going through a tedious setting.
These cookies are small computer files installed by websites on the terminals of their visitors, for technical purposes or targeted advertising.
In particular, they allow advertising agencies to trace the user's navigation, in order to be able to send him personalized advertising related to his centers of interest.
They are regularly denounced for the invasions of privacy they can cause.
Three months to change
"The Restricted Committee noted that making the refusal mechanism more complex amounts, in reality, to discouraging users from refusing cookies and encouraging them to favor the ease of the consent button appearing in the first window", writes the Cnil in a statement.
The commission also identified the installation of two cookies without the prior consent of Internet users, while they served advertising purposes, including the "fight against advertising fraud", i.e. the consultation of advertisements by robots.
On this point, the restricted formation of the commission ordered Microsoft to modify its practices on the “bing.com” site within three months, under penalty of having to pay 60,000 euros per day of delay.
For these breaches related to the European ePrivacy directive transposed into French law in the Data Protection Act, the Cnil could impose a fine of up to 2% of worldwide turnover.
In its press release, the Cnil justified the amount of the fine "by the scope of the processing (of data), by the number of people concerned and by the profits that the company derives from the advertising revenues indirectly generated from the data collected by cookies”, much less than those of Google and Facebook.
The online search giant and the social network had been sanctioned at the end of December 2021 by the Cnil with fines of 150 and 60 million euros respectively for similar breaches, and had been forced to comply within three months. .
Company
Data protection: Meta takes a fine of 265 million euros in the EU
Purchase guide
How to protect your data at a lower cost?
Company
GDPR
CNIL
Microsoft
Bing